Internet of Things (IoT) gateways and cloud services hosting virtual machines have a common objective to manage the lifecycle of logical devices that are hosted on a physical platform. Lifecycle management includes creation and deletion of the logical device instance but also may include migration of the device instance from one platform to a second platform. The security properties of logical devices are tied to the physical security capabilities of the underlying platform. Consequently, when a logical device is instantiated, the platform security properties are bound to the logical device as part of a commissioning that also instantiates device credentials. The commissioning agent asserts security properties to ascribe to the device credential based on an assessment of the hosting platform. When a logical device is migrated from a first platform to a second platform, the security properties may change, suggesting the need to re-issue the device credentials. Re-issuance of credentials is a heavy weight process that could adversely impact operational latency and availability requirements.